WhatsApp privacy backlash is a wake-up call for secure enterprise messaging and collaboration

February 17 2021
by Raul Castanon-Martinez


Early this year, WhatsApp experienced a major backlash over privacy concerns after sending users a notification requiring them to sign off on updated terms and conditions to continue accessing the messaging service. The notification – which stated that WhatsApp could share users' information such as their phone number, location and contacts with its parent company Facebook – resulted in a record number of users migrating to alternative services such as Telegram and Signal.

This does not come as a surprise. According to a 451 Research survey, consumer beliefs surrounding the privacy of their data have shifted in the past two years, with growing awareness geared toward a more stringent approach to data privacy and security compliance practices and standards.

Survey results show that only 23% of respondents believe that current levels of regulation surrounding consumer data privacy and protection (e.g., GDPR, CCPA) are adequate, while 69% are at least somewhat likely to support federal regulation of data privacy in the US. The backlash is a wake-up call for businesses, highlighting the need to enable a distributed workforce with secure and compliant communications and collaboration.

The 451 Take

According to 451 Research (November 2020), most respondents (90%) feel confident in their organization's ability to operate as new conditions created by the COVID-19 pandemic continue. However, as they move beyond their initial response and shift their focus to long-term planning, they are facing new challenges – such as learning how to manage employee productivity and engagement for a distributed workforce, and understanding the complexities that enabling secure remote collaboration entails. The use of consumer over-the-top (OTT) messaging apps in the workplace has remained an ongoing issue for several years; however, the shift to remote work resulting from the COVID-19 outbreak makes this an even more urgent issue. The backlash experienced by WhatsApp over privacy concerns should prompt organizations to evaluate their use of messaging and collaboration technologies. It is also an opportunity for them to create awareness among employees on the risks that the use of OTT apps can have for data security and compliance.

Securing a distributed work environment

Communications and collaboration vendors experienced a surge in demand in 2020, with organizations looking to support an unprecedented number of employees working remotely in response to the COVID-19 pandemic. Nearly one year after the outbreak, organizations are adjusting their operations for the long term, with remote work becoming permanent for a substantial number of employees.

Our 2020 survey shows that flexible work arrangements will become permanent for a substantial number of employees, with most respondents saying that their organization is looking to adopt (51%) or extend (45%) existing remote work policies. The shift to remote work also raised awareness of the need to enable secure messaging and collaboration. According to our 2020 survey, nearly three out of four (74%) respondents are somewhat (52%) or very concerned (22%) about the level of security in the collaboration tools that remote workers are currently using.

These concerns are not unfounded. SaaS videoconferencing provider Zoom gained significant momentum last year during the COVID-19 pandemic – however, the surge in demand also uncovered security gaps in its platform that led to a major backlash against the company. In addition to the privacy backlash that WhatsApp experienced in early 2021, the German Federal Commissioner for Data Protection and Freedom of Information stated last year that German federal government employees were not allowed to use WhatsApp for internal and external communication. These incidents have placed a spotlight on the security, privacy and compliance requirements for remote workers.

Key challenges in securely supporting a distributed workforce

We have previously noted that COVID-19 is influencing market requirements for business communications and collaboration. This is particularly relevant when it comes to security, privacy and compliance. These requirements tend to fall into one of six categories, as shown in the table below. (It should be noted that the vendors listed exemplify specific capabilities, and their inclusion should not be understood as an endorsement of any kind; in addition, vendors continuously update their product roadmaps with new features that may not be listed.)

Figure 1: Market Requirements for Secure Enterprise Messaging and Collaboration

Source: 451 Research, part of S&P Global Market Intelligence

It is important to highlight that privacy and security requirements fall into a continuum, and will vary depending on the use case, industry vertical and even an employee's position in the organization. Furthermore, vendors will address them in different ways. This highlights the complexities involved in supporting a distributed workforce.

For example, when it comes to data sharing, consumer OTT messaging apps such as Facebook and WhatsApp will specify in their terms of service the type of data they collect. In the case of WhatsApp, this includes device ID, phone number, purchase history, location and contacts. For Facebook Messenger, this includes purchases, financial information, location, contact information, contacts, user content, identifiers, usage data and diagnostics.

In contrast, enterprise applications have different approaches to data collection. Slack and Microsoft Teams do not collect data in the same way as consumer applications, but will provide the option for third-party integrations, while others such as NetSfere have a strict 'no data collection' approach. These nuances can be relevant for organizations in verticals with strict regulatory requirements, or use cases dealing with highly sensitive information.

Similarly, while consumer applications such as Signal and WhatsApp and enterprise applications such as Element, NetSfere and Zoom provide encrypted communications, they will have different approaches. Some applications such as WhatsApp are mobile-first or mobile-only, while others provide multidevice capabilities (i.e., mobile app, desktop app, browser). Therefore, encryption could refer to device-to-server, server-to-device or device-to-device.

Secure enterprise messaging and collaboration is no longer a niche segment

Until recently, secure communication apps such as HighSide, NetSfere, Symphony, and Workstorm were largely positioned as a distinct category focusing on specific verticals and use cases with strict security and compliance requirements. The need to securely support a distributed workforce is increasingly blurring the line between secure communication apps and horizontal applications – including team collaboration and unified communications.

While we expect that team collaboration and unified communications will remain distinct categories in the near term, the need to support a distributed workforce is raising the bar, closing the gap with secure communication apps. We expect this will lead organizations to evaluate their messaging and collaboration technologies. It could lead to increased M&A activity in 2021, with vendors following the lead of Zoom – which acquired secure messaging service Keybase – looking to accelerate their product roadmaps to enhance their security and compliance capabilities.